Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:136141256231112202361901HistoryJun 29, 2023 - 12:00 a.m.
Ubuntu: Security Advisory (USN-6190-1)
2023-06-2900:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
8
ubuntu
security
advisory
accountsservice
package
vulnerability
denial of service
update
2023
CVSS3
8.1
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0
Percentile
5.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.12.2023.6190.1");
script_cve_id("CVE-2023-3297");
script_tag(name:"creation_date", value:"2023-06-29 04:09:23 +0000 (Thu, 29 Jun 2023)");
script_version("2024-02-02T05:06:10+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-09-07 19:24:36 +0000 (Thu, 07 Sep 2023)");
script_name("Ubuntu: Security Advisory (USN-6190-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(20\.04\ LTS|22\.04\ LTS|22\.10|23\.04)");
script_xref(name:"Advisory-ID", value:"USN-6190-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-6190-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'accountsservice' package(s) announced via the USN-6190-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Kevin Backhouse discovered that AccountsService incorrectly handled certain
D-Bus messages. A local attacker could use this issue to cause
AccountsService to crash, resulting in a denial of service, or possibly
execute arbitrary code.");
script_tag(name:"affected", value:"'accountsservice' package(s) on Ubuntu 20.04, Ubuntu 22.04, Ubuntu 22.10, Ubuntu 23.04.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU20.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"accountsservice", ver:"0.6.55-0ubuntu12~20.04.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libaccountsservice0", ver:"0.6.55-0ubuntu12~20.04.6", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU22.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"accountsservice", ver:"22.07.5-2ubuntu1.4", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libaccountsservice0", ver:"22.07.5-2ubuntu1.4", rls:"UBUNTU22.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU22.10") {
if(!isnull(res = isdpkgvuln(pkg:"accountsservice", ver:"22.08.8-1ubuntu1.1", rls:"UBUNTU22.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libaccountsservice0", ver:"22.08.8-1ubuntu1.1", rls:"UBUNTU22.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU23.04") {
if(!isnull(res = isdpkgvuln(pkg:"accountsservice", ver:"22.08.8-1ubuntu7.1", rls:"UBUNTU23.04"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libaccountsservice0", ver:"22.08.8-1ubuntu7.1", rls:"UBUNTU23.04"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
cvelist
cvelist
CVE-2023-3297
2023-09-01 20:49:43
osv
osv
accountsservice vulnerability
2023-06-28 12:11:45
accountsservice vulnerability
2023-09-25 10:52:46
ubuntu
ubuntu
AccountsService vulnerability
2023-06-28 00:00:00
AccountsService vulnerability
2023-09-25 00:00:00
nessus
nessus
nvd
nvd
CVE-2023-3297
2023-09-01 21:15:07
openvas
openvas
Ubuntu: Security Advisory (USN-6190-2)
2023-09-26 00:00:00
prion
prion
Double free
2023-09-01 21:15:00
ubuntucve
ubuntucve
CVE-2023-3297
2023-06-28 00:00:00
cve
cve
CVE-2023-3297
2023-09-01 21:15:07
redhatcve
redhatcve
CVE-2023-3297
2023-06-30 07:47:40
debiancve
debiancve
CVE-2023-3297
2023-09-01 21:15:07
CVSS3
8.1
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0
Percentile
5.1%
Related for OPENVAS:136141256231112202361901